Denial-of-Service (DoS) attacks aim to interrupt localized Internet services by making them temporarily unavailable by flooding the victim, e.g., a single Web host or an entire network served by an Internet Service Provider (ISP), with a high volume of packets originating from several machines.
Stopping a DoS attack normally requires first identifying and characterizing the attack at the victim side and usually is performed manually. Once understood, an ISP manually creates new filtering rules to be applied to routers handling the attack traffic. The number of required filters tends to increase rapidly, posing a scalability problem as well as performance degradation with high speed networks.
Traffic marking, traceback protocols, and pushback mechanisms have been the subjects of research as defense against DoS attacks. Intrusion pattern recognition is another source of research. However, these mechanisms are signature-based, therefore making them vulnerable to new, uncharacterized types of DoS attacks.